Qualys Scanning for PCI Devices University of Minnesota
|
|
- Leonard Patrick
- 8 years ago
- Views:
Transcription
1 Qualys is the vulnerability scanner that will be used to map and scan devices that are involved in credit card processing to meet the PCI-DSS quarterly internal scan and map requirement. This document provides background and responsibilities for how QualysGuard scanning, mapping and ticket remediation tracking will be used at the University of Minnesota by departments for servers and devices involved in credit card processing. Qualys maintains more extensive documentation of the product under Help on the QualysGuard Enterprise Suite menu bar. Scanner Responsibilities Follow the naming convention for Asset Groups (see Naming Conventions section). Create and maintain the list of IP addresses that should be included in the PCI list of devices that are on the University network. Include servers, desktops, printers, and other devices that are involved in credit card processing in your PCI-devices Asset Group. Discovery map your PCI subnet ranges (PCI-hostips Asset Group) at least monthly. Review the Map reports for unknown devices. Recommend scheduling daily maps. Scan all IP addresses in the PCI-devices Asset Group at least monthly. Recommend scheduling weekly scans when the devices are expected to be on-line using the PCI-hostips Asset Group. Review the scan results. o Fix and mitigate the high severity vulnerabilities flagged as PCI Failed within 30 days. Rerun the scan. o The list of hosts that were not alive during the scan is listed in the Appendix of the scan results. Schedule a follow up scan for when these devices will be powered on. Update your remediation plan/ mitigation strategy at least monthly for the open tickets created for high severity vulnerabilities. Use the Qualys Ticket Remediation to document proposed or approved remediation steps. Run PCI FAIL+Confirmed 4-5 Technical Report- Select Asset Group or IP at least monthly to verify that all high severity vulnerabilities for PCI devices have been mitigated or resolved. Run the PCI Scan Report for Internal Scan report quarterly for all devices involved in credit card processing. For more information, see the section For the Quarterly Report. For the Quarterly Report: Compare the lists of host scanned for the current quarter to your unit s inventory list of hosts involved in credit card processing. All devices in your unit s inventory list must be scanned quarterly. Verify that the Reporting Asset Group PCI.COLLEGE.DEPT-Devices IP list has an entry (IP address) for each device that is involved in credit card processing Page 1 of 13
2 Verify that all hosts have a scan for the current quarter. Use the Asset Search feature for Asset Group PCI.COLLEGE.DEPT-Devices. Review the last scan date column. Verify that all PCI high severity vulnerabilities have been mitigated. Use the PCI FAIL+Confirmed 4-5 Technical Report- Select Asset Group or IP report. Run and save a copy (outside of Qualys) of the PCI Scan Report for Internal Scan to document your unit s internal scan PCI compliance. Provide a copy to the Merchant Manager and University PCI Compliance office (cmgraves@umn.edu). Naming Conventions Reporting Asset Groups: o PCI.COLLEGE.DEPT-Devices Map & Scan Asset Groups: o COLLEGE.DEPT.PCI-hostips Other asset groups should begin with: o COLLEGE.DEPT Vulnerabilities Qualys uses 3 categories for classifying vulnerabilities (confirmed, potential and information). Within the category, there are 5 levels for vulnerabilities. o Confirmed (red) Security weaknesses verified by an active test o Potential (yellow) Security weaknesses that need manual verification o Information (blue) Configuration data High Severity Vulnerabilities for PCI o Required: Fix vulnerabilities with PCI FAIL status - must have the high severity mitigated (i.e., patching/configuration, other compensating control or documented as a false positive) for reporting. o Hosts involved in credit card processing must mitigate the risk for all vulnerabilities that appear on the PCI reports. o Documentation of the mitigation plan or compensating controls for high severity vulnerabilities must be in the Qualys Ticket Remediation. Tickets for unmitigated vulnerabilities need to be documented within 30 days of scan. o For false positives, send documentation supporting your request to have it reviewed as a false positive to abuse@umn.edu with subject PCI Internal Scan False Positive Request. Include the Qualys Ticket Remediation # and the IP address of the host. University Information Security group will review your request and respond. Priorities for Other Vulnerabilities o Recommended: Review Potential 4 & 5 (yellow) and fix, if applicable o Recommended: Review Confirmed 1, 2 & 3 (red) and fix, if applicable o Recommended: Review & assess the risk with the other vulnerabilities and fix if applicable Page 2 of 13
3 Additional information on Set Up, Scans, Maps, Ticket Remediation & Reports Asset Groups (See Asset Group Image) Go to Assets > Asset Groups Create a new group from the New menu or edit an existing group from the Quick Actions menu. Use the workflow to manage the asset group and click Save. o Follow the naming conventions for Asset Groups. o IPs, list all the IP addresses or IP ranges to be included in the Asset Group. o Domain, select None domain. o Scanner Appliances, select all listed. o Business/CVSS Information: o information on this tab is optional Scans (See Scan Asset Group, Scan Host and Scheduled Scan images) Go to Scans and choose New > Scan Enter scan details and click Launch. For scheduled scans, Go to Scans > Schedules and choose New > Schedule Scan Enter task details and click Save. o There are multiple scan policies and options for scheduling scans. Here are the basics. Schedule scan or scan immediately Option Profile: U of M Initial Options (default) Scanner Appliance: All Scanners in Asset Group; Select an internal scan appliance when listing IP addresses or ranges. If not scanning an asset group, the external scanner is used instead of internal. Scan by Asset Group, Select IPs or IP Range o When the scan is completed, review the scan report and mitigate the vulnerabilities identified. Scan Reports Quarterly- PCI Scan Report for Internal Scan Go to Reports. Then go to New > Scan Report > PCI Scan Template Type in title for the report Use the pull down on Template Based to select the report format (e.g., PCI Scan Report for Internal Scan) Select Report output format (e.g, PDF) Type in the Asset Group name or use the Select feature to search and select the asset group Page 3 of 13
4 Ad-Hoc Go to Reports. Then go to New > Scan Report > Template Based o There are multiple report formats available (see Report Templates section). Here are the basics. Type in title for the report Use the pull down on Template Based to select the report format (e.g., PCI+Confirmed 4-5 Technical Report- Select Asset Group or IP) Select Report output format (e.g, PDF, csv, etc) Type in the Asset Group name or use the Select feature to search and select the asset group Ticket Remediation Go to Remediation > Tickets Select Edit from the Quick Actions menu for a single ticket in the list. Or select multiple tickets in the list and select Edit from the Actions menu. o The main remediation policy will create tickets for all confirmed 4 & 5 or PCI related vulnerabilities for the IP s in PCI-Devices Asset Group. Tickets will be assigned to the user running the scan. Deadline date for determining overdue tickets will be 30 days Page 4 of 13
5 Report Templates o PCI FAIL+Confirmed 4-5 Technical Report- Select Asset Group or IP Results as of the last scan Includes PCI FAIL status for each vulnerability (PCI org. determines which vulnerabilities to include in this report) or confirmed vulnerabilities at levels 4 & 5 Details on how to fix o PCI Scan Report for Internal Scan Results as of the last scan Includes PCI PASS and FAIL status for each vulnerability (PCI org. determines which vulnerabilities to include in this report). Details on how to fix o PCI Scan Report- Select Scan Results Use to run a PCI scan report for a prior period or a specific scan Results from a specific scan (includes option to include a specific IP) Includes PCI PASS and FAIL status for each vulnerability (PCI org. determines which vulnerabilities to include in this report). Details on how to fix o Technical Report- Select Asset Group or IP Results as of the last scan Includes all vulnerabilities (confirmed, potential, info.) at all levels (1-5) Details on how to fix Very large report o Technical Report-Select Scan Results Results from a specific scan (includes option to include a specific IP) Includes all vulnerabilities (confirmed, potential, info.) at all levels (1-5) Details on how to fix Very large report o UMN-Summary Report Results as of the last scan Includes all vulnerabilities (confirmed, potential, info) at all levels (1-5) No detail on how to fix Page 5 of 13
6 Maps (See Map Asset Group, Scheduled Map and Unknown Devices Report images) Go to Scans > Maps and choose New > Map Enter map details and click Launch. o Similar to nmap o There are multiple discovery map policies and options for scheduling maps. Here are the basics. Schedule a map or launch a map immediately Option Profile: University of Minnesota Initial Options (default) Scanner Appliance: Internal scan appliance Map by Asset Group, Select IPs or IP Range o When the map is completed, review the map report for anomalies. o To identify changes to the list of hosts that are on the network, use the Map Report-Unknown Devices Template. Go to Reports. Then go to New > Map Report > Template Based. Select Unknown Devices Report for Report Template Type in title for the report Select Report output format (e.g, PDF, csv, etc) Select the Map results to compare On the report, the status column will report if an IP address has been Added or Removed when comparing the 2 map results. If an IP address appears on both map results, the status is Active Page 6 of 13
7 Images Asset Group Go to Assets > Asset Groups Create a new group from the New menu or edit an existing group from the Quick Actions menu. Use the workflow to manage the asset group and click Save Page 7 of 13
8 Scan Asset Group Go to Scans and choose New > Scan Enter scan details and click Launch. Scan Host Page 8 of 13
9 Scheduled Scan Go to Scans > Schedules and choose New > Schedule Scan Enter task details and click Save. Scheduling workflow tab Page 9 of 13
10 Map an Asset Group Go to Scans > Maps and choose New > Map Enter map details and click Launch Page 10 of 13
11 Scheduled Map Go to Scans > Schedules and choose New > Schedule Map Enter task details and click Save. Target Domains workflow tab Page 11 of 13
12 Scheduling workflow tab Page 12 of 13
13 Unknown Devices Report Page 13 of 13
How To Use Qqsguard At The University Of Minneapolis
Qualys is a vulnerability scanner that is used for critical servers and servers subject to compliance reporting. This scanner is not generally to be used for desktop or laptop scanning. OIT has purchased
More informationNessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)
Nessus Enterprise Cloud User Guide October 2, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Enterprise Cloud... 3 Subscription and Activation... 3 Multi Scanner Support... 4 Customer Scanning
More informationPCI Compliance. Network Scanning. Getting Started Guide
PCI Compliance Getting Started Guide Qualys PCI provides businesses, merchants and online service providers with the easiest, most cost effective and highly automated way to achieve compliance with the
More informationManaging Qualys Scanners
Q1 Labs Help Build 7.0 Maintenance Release 3 documentation@q1labs.com Managing Qualys Scanners Managing Qualys Scanners A QualysGuard vulnerability scanner runs on a remote web server. QRadar must access
More informationNessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9)
Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Perimeter Service... 3 Subscription and Activation... 3 Multi Scanner Support...
More informationGETTING STARTED WITH THE PCI COMPLIANCE SERVICE VERSION 2.3. May 1, 2008
GETTING STARTED WITH THE PCI COMPLIANCE SERVICE VERSION 2.3 May 1, 2008 Copyright 2006-2008 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys,
More informationQualysGuard WAS. Getting Started Guide Version 4.1. April 24, 2015
QualysGuard WAS Getting Started Guide Version 4.1 April 24, 2015 Copyright 2011-2015 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.
More informationTRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE
.trust TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE 2007 Table of Contents Introducing Trustwave Vulnerability Management 3 1 Logging In and Accessing Scans 4 1.1 Portal Navigation and Utility Functions...
More informationManaged Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014
Managed Service Solutions Catalogue MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014 1 MANAGED SERVICES SOLUTIONS CATALOGUE Managed Services Solutions Catalogue Managed Service Solutions
More informationSecurity and Compliance Suite
Security and Compliance Suite Quick Tour The Qualys user interface is easy-to-use with powerful Web 2.0 capabilities featuring interactive dashboards, actionable menus and workflows, context-based interactions
More informationQualysGuard Asset Management
QualysGuard Asset Management Quick Start Guide January 28, 2014 Dynamic Asset Tagging provides a flexible and scalable way to automatically discover and organize the assets in your environment and make
More informationQualys PC/SCAP Auditor
Qualys PC/SCAP Auditor Getting Started Guide August 3, 2015 COPYRIGHT 2011-2015 BY QUALYS, INC. ALL RIGHTS RESERVED. QUALYS AND THE QUALYS LOGO ARE REGISTERED TRADEMARKS OF QUALYS, INC. ALL OTHER TRADEMARKS
More informationSecurity and Compliance Suite Evaluator s Guide. August 11, 2015
Security and Compliance Suite Evaluator s Guide August 11, 2015 Copyright 2011-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
More informationUnified Security Management (USM) 5.2 Vulnerability Assessment Guide
AlienVault Unified Security Management (USM) 5.2 Vulnerability Assessment Guide USM 5.2 Vulnerability Assessment Guide, rev 1 Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,
More informationIBM. Vulnerability scanning and best practices
IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration
More informationQualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014
QualysGuard WAS Getting Started Guide Version 3.3 March 21, 2014 Copyright 2011-2014 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.
More informationrating of 5 out 5 stars
SPM User Guide Contents Aegify comprehensive benefits... 2 Security Posture Assessment workflow... 3 Scanner Management... 3 Upload external scan output... 6 Reports - Views... 6 View Individual Security
More informationOnline Compliance Program for PCI
Appendix F Online Compliance Program for PCI Service Description for PCI Compliance Monitors 1. General Introduction... 3 2. Online Compliance Program... 4 2.1 Introduction... 4 2.2 Portal Access... 4
More informationFAQ S: TRUSTWAVE TRUSTKEEPER PCI MANAGER
FAQ S: TRUSTWAVE TRUSTKEEPER PCI MANAGER SAQ FAQ S Q: Should I complete the PCI Wizard or should I go straight to the PCI Forms? A: The PCI Wizard has been designed to simplify the self-assessment requirement
More informationCLOCKWORK Training Manual and Reference: Inventory. TechnoPro Computer Solutions, Inc.
CLOCKWORK Training Manual and Reference: Inventory TechnoPro Computer Solutions, Inc. Table of Contents Inventory Learning Objectives License Key 5 Create a Catalog 6 Assign Permissions 9 Categories and
More informationOCCS Procedure. Vulnerability Scanning and Management Procedure Reference Number: 9.4.2 Last updated: September 6, 2011
OCCS Procedure Title: Vulnerability Scanning and Management Procedure Reference Number: 9.4.2 Last updated: September 6, 2011 Purpose The purpose of this procedure is to define the management and controls
More informationAssets, Groups & Networks
Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat
More informationMonitoring Inventory. Inventory Management. This chapter includes the following sections:
This chapter includes the following sections: Inventory Management, page 1 Overview to Global Logical Resources, page 2 Configuring Inventory Data Collection Schedule, page 3 Viewing Inventory Details,
More informationTenable for CyberArk
HOW-TO GUIDE Tenable for CyberArk Introduction This document describes how to deploy Tenable SecurityCenter and Nessus for integration with CyberArk Enterprise Password Vault. Please email any comments
More informationWindows Firewall Configuration with Group Policy for SyAM System Client Installation
with Group Policy for SyAM System Client Installation SyAM System Client can be deployed to systems on your network using SyAM Management Utilities. If Windows Firewall is enabled on target systems, it
More informationElastic Detector on Amazon Web Services (AWS) User Guide v5
Elastic Detector on Amazon Web Services (AWS) User Guide v5 This guide is intended for Elastic Detector users on AWS. Elastic Detector is available as SaaS or deployed as a virtual appliance through an
More informationFor paid computer support call 604-518-6695 http://www.netdigix.com contact@netdigix.com
Setting up your vpn connection on windows 2000 or XP in continuation from installing x.509 certificate on windows (please do not continue if you have not installed your x.509 certificate): Instructions
More informationKnowledge based authentication (KBA)
Knowledge based authentication (KBA) Overview Knowledge based authentication (KBA) is an advanced identity validation method to authenticate a signer by asking random questions selected from public and
More informationSecureGRC TM - Cloud based SaaS
- Cloud based SaaS Single repository for regulations and standards Centralized repository for compliance related organizational data Electronic workflow to speed up communications between various entries
More informationSample Vulnerability Management Policy
Sample Internal Procedures and Policy Guidelines February 2015 Document Control Title: Document Control Number: 1.0.0 Initial Release: Last Updated: February 2015, Manager IT Security February 2015, Director
More informationUser s Guide. Skybox Risk Control 7.0.0. Revision: 11
User s Guide Skybox Risk Control 7.0.0 Revision: 11 Copyright 2002-2014 Skybox Security, Inc. All rights reserved. This documentation contains proprietary information belonging to Skybox Security and is
More informationG-Cloud Pricing. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS
G-Cloud Pricing Atos infrastructure Vulnerability Scanning (Outpost24) SaaS Contents 1. Introduction... 1 2. Pricing... 2 2.1 External Network Scan... 2 2.2 PCI DSS Approved Scanner Vendor (ASV) Scan...
More informationNetwork Detective. PCI Compliance Module Using the PCI Module Without Inspector. 2015 RapidFire Tools, Inc. All rights reserved.
Network Detective PCI Compliance Module Using the PCI Module Without Inspector 2015 RapidFire Tools, Inc. All rights reserved. V20150819 Ver 5T Contents Purpose of this Guide... 4 About Network Detective
More informationNetwork Detective. Network Detective Inspector. 2015 RapidFire Tools, Inc. All rights reserved 20151013 Ver 3D
Network Detective 2015 RapidFire Tools, Inc. All rights reserved 20151013 Ver 3D Contents Overview... 3 Components of the Inspector... 3 Inspector Appliance... 3 Inspector Diagnostic Tool... 3 Network
More informationVulnerability Scan Results in XML
Vulnerability Scan Results in XML Vulnerability scan results may be downloaded in XML format from the scan history list. The vulnerability scan results in XML format contains the same content as the vulnerability
More informationAdvanced Event Viewer Manual
Advanced Event Viewer Manual Document version: 2.2944.01 Download Advanced Event Viewer at: http://www.advancedeventviewer.com Page 1 Introduction Advanced Event Viewer is an award winning application
More informationScanner Networking. User s Guide. Microtek Scanner Server (MSS) utility. Note: ScanWizard Pro's scanner networking
Scanner Networking User s Guide This document explains how the scanner network function in ScanWizard Pro allows you to share and unshare scanners for public use, as well as how to access remote and local
More informationIntro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe
Intro to QualysGuard IT Risk & Asset Management Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and Compliance
More informationIntro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe
Intro to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe QualysGuard ICT Security Management Integrated Suite of ICT Security
More informationVirtual Office Remote Installation Guide
Virtual Office Remote Installation Guide Table of Contents VIRTUAL OFFICE REMOTE INSTALLATION GUIDE... 3 UNIVERSAL PRINTER CONFIGURATION INSTRUCTIONS... 12 CHANGING DEFAULT PRINTERS ON LOCAL SYSTEM...
More informationAUTOMATING THE 20 CRITICAL SECURITY CONTROLS
AUTOMATING THE 20 CRITICAL SECURITY CONTROLS Wolfgang Kandek, CTO Qualys Session ID: Session Classification: SPO-T07 Intermediate 2012 the Year of Data Breaches 2013 continued in a similar Way Background
More informationAlienVault. Unified Security Management (USM) 5.1 Running the Getting Started Wizard
AlienVault Unified Security Management (USM) 5.1 Running the Getting Started Wizard USM v5.1 Running the Getting Started Wizard, rev. 2 Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault
More informationDelivering IT Security and Compliance as a Service
Delivering IT Security and Compliance as a Service Matthew Clancy Technical Account Manager Qualys, Inc. www.qualys.com Agenda Technology Overview The Problem: Delivering IT Security & Compliance Key differentiator:
More informationNovell ZENworks Asset Management
Novell ZENworks Asset Management Administrative Best Practices and Troubleshooting www.novell.com APRIL 19, 2005 2 GETTING THE MOST OUT OF NOVELL ZENWORKS ASSET MANAGEMENT The award-winning asset tracking
More informationBottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure.
Payment Card Industry Security Standards Over the past years, a series of new rules and regulations regarding consumer safety and identify theft have been enacted by both the government and the PCI Security
More informationOffline Scanner Appliance
Offline Scanner Appliance User Guide March 27, 2015 Copyright 2014-2015 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc. All other
More informationGoogle Drive. Administrator's Guide
Google Drive Administrator's Guide November 2015 www.lexmark.com Contents 2 Contents Overview... 3 Configuring the application...4 Acquiring a Google account... 4 Accessing the configuration page for the
More informationWPI Grant & Finance Reports using Argos To access the WPI Financial Reporting Menu, log into Banner Web Self Service at: bannerweb.wpi.
WPI Grant & Finance Reports using Argos To access the WPI Financial Reporting Menu, log into Banner Web Self Service at: bannerweb.wpi.edu Attention: If you use a Mac instead of a PC, you must connect
More informationIBM Security QRadar Vulnerability Manager Version 7.2.6. User Guide IBM
IBM Security QRadar Vulnerability Manager Version 7.2.6 User Guide IBM Note Before using this information and the product that it supports, read the information in Notices on page 91. Product information
More informationHow to Get from Scans to a Vulnerability Management Program
How to Get from Scans to a Vulnerability Management Program Gary McCully Any views or opinions presented are solely those of the author and do not necessarily represent those of SecureState LLC. Synopsis
More informationHow To Write The Jab P-Ato Vulnerability Scan Requirements Guide
FedRAMP JAB P-ATO Vulnerability Scan Requirements Guide Version 1.0 May 27, 2015 JAB P-ATO Vulnerability Scan Requirements Guide Page 1 Revision History Date Version Page(s) Description Author May 27,
More informationPubMed My NCBI: Saving Searches & Creating Email Alerts
PubMed My NCBI: Saving Searches & Creating Email Alerts My NCBI feature of PubMed allows you to: Save and rerun your search strategies Create an automatic e-mail notification of new articles Build a bibliography
More informationMONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014
MONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014 COMPLIANCE SCHEDULE REQUIREMENT PERIOD DESCRIPTION REQUIREMENT PERIOD DESCRIPTION 8.5.6 As Needed 11.1 Monthly 1.3 Quarterly 1.1.6 Semi-Annually
More informationCreating an itunes App Store account without a credit card
Creating an itunes App Store account without a credit card Summary To create an itunes App Store account on your computer without a credit card, please follow the steps below. In order to create an account
More informationChapter A5: Creating client files and attaching bank accounts
Chapter A5: Creating client files and attaching bank accounts This chapter is aimed at BankLink Administrators It covers the set up of your BankLink Practice clients. A BankLink Practice user needs BankLink
More informationFile Management Utility User Guide
File Management Utility User Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held
More informationScan to Network and Scan to Network Premium. Administrator's Guide
Scan to Network and Scan to Network Premium Administrator's Guide March 2015 www.lexmark.com Contents 2 Contents Overview...3 Configuring the application...4 Configuring a destination...4 Configuring destination
More informationPolicy Compliance. Getting Started Guide. January 22, 2016
Policy Compliance Getting Started Guide January 22, 2016 Copyright 2011-2016 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
More informationVulnerability Management Isn t Simple (or, How to Make Your VM Program Great)
Vulnerability Management Isn t Simple (or, How to Make Your VM Program Great) Kelly Hammons Principal Consultant, CISSP Secutor Consulting October 2 nd, 2015 97% of breaches could have been avoided through
More informationPineApp Surf-SeCure Quick
PineApp Surf-SeCure Quick Installation Guide September 2010 WEB BASED INSTALLATION SURF-SECURE AS PROXY 1. Once logged in, set the appliance s clock: a. Click on the Edit link under Time-Zone section.
More informationTenable Network Security Support Portal. January 12, 2015 (Revision 14)
Tenable Network Security Support Portal January 12, 2015 (Revision 14) Table of Contents Introduction... 3 Activate Tenable Support Portal... 3 Locate Your Customer ID... 6 Manage Your Activation Codes...
More informationAttachment Y SaaS ITSM Demonstration and Scenarios
Attachment Y SaaS ITSM Demonstration and Scenarios Demonstration and Oral Presentation Agenda In accordance with Section 1.16 of the RFP, each Presenter will be provided a 3 hour time period to discuss
More informationSTATE OF NEW JERSEY IT CIRCULAR
NJ Office of Information Technology P.O. Box 212 www.nj.gov/it/ps/ Chris Christie, Governor 300 River View E. Steven Emanuel, Chief Information Officer Trenton, NJ 08625-0212 STATE OF NEW JERSEY IT CIRCULAR
More informationSetting Preferences in QuickBooks
Setting Preferences in QuickBooks The following preferences should be set in Quickbooks: Setting QuickBooks to Display the Lowest Sub-Account Number The Default setting in QuickBooks for displaying Account
More informationU.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)
U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) Security Risk Assessment (SRA) Tool User Guide Version Date: March 2014
More informationCopyright 2015 http://itfreetraining.com
This video will install Active Directory Federation Services on Windows Server 2012. In a previous video, an enterprise CA was installed and configured. This video will use that enterprise CA to issue
More informationManage Address Book. Administrator's Guide
Manage Address Book Administrator's Guide November 2012 www.lexmark.com Contents 2 Contents Overview...3 Using Manage Address Book...4 Setting up access control from the application...4 Exporting contacts...4
More informationSTARTER KIT. Infoblox DNS Firewall for FireEye
STARTER KIT Introduction Infoblox DNS Firewall integration with FireEye Malware Protection System delivers a unique and powerful defense against Advanced Persistent Threats (APT) for business networks.
More informationSysAid Remote Discovery Tool
SysAid Remote Discovery Tool SysAid Release 7 Document Updated: 27-Apr-10 SysAid Remote Discovery Tool The SysAid server comes with a built-in discovery service that performs various network discovery
More informationRapid Assessment Key User Manual
Rapid Assessment Key User Manual Table of Contents Getting Started with the Rapid Assessment Key... 1 Welcome to the Print Audit Rapid Assessment Key...1 System Requirements...1 Network Requirements...1
More informationPandora FMS 3.0 Quick User's Guide: Network Monitoring. Pandora FMS 3.0 Quick User's Guide
Pandora FMS 3.0 Quick User's Guide April 27th, 2009 1 Contents How to monitor a network computer/device?...3 Concepts...3 What's an agent?...3 What's a module?...3 Data transfer modes...3 What is an alert?...3
More informationSecurity and Compliance Suite Rollout Guide. August 4, 2015
Security and Compliance Suite Rollout Guide August 4, 2015 Copyright 2005-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
More informationUSING THE UPSTREAM-CONNECT WEBSITE
USING THE UPSTREAM-CONNECT WEBSITE The UpstreamConnect website is your primary means for viewing imaging device data and reports. This manual covers all aspects of using the UpstreamConnect website. HELPDESK
More informationSCCM Client Checklist for Windows 7
SCCM Client Checklist for Windows 7 1. The client workstation must have a supported operating system. Supported operating systems include Windows 7. To view information about the operating system version:
More informationIT Security & Compliance. On Time. On Budget. On Demand.
IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount
More informationContinuous Penetration Testing
Continuous Penetration Testing SyCom Technologies 1.0 Continuous Penetration Testing Imagine a service that continuously monitors and reports on any new threats that emerge real time and provides a tactical
More informationIBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide
IBM Security QRadar SIEM Version 7.1.0 MR1 Vulnerability Assessment Configuration Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks
More informationLondon & Zurich Merchant Management System User Guide.
London & Zurich Merchant Management System User Guide. Welcome to the London & Zurich Merchant Management System (MMS) user guide. In this guide we will look at the different sections of the MMS and explain
More informationFISMA Compliance: Making the Grade
FISMA Compliance: Making the Grade A Qualys Guide to Measuring Risk, Enforcing Policies, and Complying with Regulations EXECUTIVE SUMMARY For federal managers of information technology, FISMA is one of
More informationElectronic Ticket System
UNIVERSITY OF GEORGIA Electronic Ticket System New Options Available as of January 2010 Insert the complete email address (valid UGA address only) instead of the UGA MyID to send tickets to Approvers.
More informationHow to setup a network printer using HP Universal Printer Driver
How to setup a network printer using HP Universal Printer Driver This patch is only usable on HP T5730 Thin Client and up. The Printer also has to be networked and be PCL6 driver compatible in order to
More information*376823* Lead Export Configuration Quick Reference Guide. Configuring Lead Export. Configuring ADP CRM
Configuring Lead Export Lead Export Configuration Quick Reference Guide While there are three types of leads in ADP CRM (ileads, show and phone leads), to the system itself ADP CRM identifies all leads
More informationSoftware Vulnerability Assessment
Software Vulnerability Assessment Setup Guide Contents: About Software Vulnerability Assessment Setting Up and Running a Vulnerability Scan Manage Ongoing Vulnerability Scans Perform Regularly Scheduled
More informationRunning the SANS Top 5 Essential Log Reports with Activeworx Security Center
Running the SANS Top 5 Essential Log Reports with Activeworx Security Center Creating valuable information from millions of system events can be an extremely difficult and time consuming task. Particularly
More informationShellshock Security Patch for X86
Shellshock Security Patch for X86 Guide for Using the FFPS Update Manager October 2014 Version 1.0. Page 1 Page 2 This page is intentionally blank Table of Contents 1.0 OVERVIEW - SHELLSHOCK/BASH SHELL
More informationWeb Application Firewall
Web Application Firewall Getting Started Guide August 3, 2015 Copyright 2014-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
More informationWhite Paper. Managing Risk to Sensitive Data with SecureSphere
Managing Risk to Sensitive Data with SecureSphere White Paper Sensitive information is typically scattered across heterogeneous systems throughout various physical locations around the globe. The rate
More informationNETFORT LANGUARDIAN MONITORING WAN CONNECTIONS. How to monitor WAN connections with NetFort LANGuardian Aisling Brennan
NETFORT LANGUARDIAN MONITORING WAN CONNECTIONS How to monitor WAN connections with NetFort LANGuardian Aisling Brennan LANGuardian gives you the information you need to troubleshoot problems and monitor
More informationIntroducing the Site Prep Tool
Introducing the Site Prep Tool Revision A03.10.011 Page 1 of 13 REVISION HISTORY Date Revision Changes January 2009 01.01 Initial Revision August 2009 02.01 November 2010 03.00 Octember 2012 03.00.022
More informationNote: With v3.2, the DocuSign Fetch application was renamed DocuSign Retrieve.
Quick Start Guide DocuSign Retrieve 3.2.2 Published April 2015 Overview DocuSign Retrieve is a windows-based tool that "retrieves" envelopes, documents, and data from DocuSign for use in external systems.
More information9 Working With DICOM. Configuring the DICOM Option
9 Working With DICOM DICOM (Digital Imaging and Communications in Medicine) is a format created by NEMA (National Electrical Manufacturers Association) to aid in the distribution and viewing of medical
More informationGeneral or System wide changes:
New Features of the e-quantum Release The new release has many enhancements and new features. We will cover as many of these as possible. Release notes can be found in e-quantum in the Help Menu. General
More informationHow To Tag Assets In A Microsoft Qoq On A Microsq.Com (For Free) On A Pc Or Macbook Or Macsoft.Com On A Macbook (For Paid) On An Ipad Or Ipad (
Dynamic Asset Tagging provides a flexible and scalable way to automatically discover and organize the assets in your environment and make them available for scanning, reporting and ticketing within Qualys.
More informationThe PTA s new membership website database and dues reporting system
M3 The PTA s new membership website database and dues reporting system State Level Actions from Task Menu M3 CAPABILITIES The State must authorize a user to have access to M3. The State s authorized users
More informationFlorida Courts E-Filing Portal. E-service User Guide
Table of Contents Overview... 3 E-service Features... 3 Pre-Populated E-service Lists... 3 Incorporating E-service to the Filing Process... 3 Screen Location for Service List... 4 E-File Service List Page...
More informationConfiguring Security for SMTP Traffic
4 Configuring Security for SMTP Traffic Securing SMTP traffic Creating a security profile for SMTP traffic Configuring a local traffic SMTP profile Assigning an SMTP security profile to a local traffic
More informationCSUSB Vulnerability Management Standard CSUSB, Information Security & Emerging Technologies Office
CSUSB Vulnerability Management Standard CSUSB, Information Security & Emerging Technologies Office Last Revised: 09/17/2015 Final REVISION CONTROL Document Title: Author: File Reference: CSUSB Vulnerability
More informationCLEARPASS ONGUARD CONFIGURATION GUIDE
CONFIGURATION GUIDE REVISION HISTORY Revised By Date Changes Dennis Boas July 2015 Version 1 initial release TABLE OF CONTENTS... 1 INTRODUCTION... 3 CONFIGURATION WORKFLOW... 4 CONFIGURE POSTURE POLICIES...
More informationState of Minnesota. Office of Enterprise Technology (OET) Enterprise Vulnerability Management Security Standard
State of Minnesota Office of Enterprise Technology (OET) Enterprise Vulnerability Management Security Standard Approval: Enterprise Security Office (ESO) Standard Version 1.00 Gopal Khanna
More informationThis guide describes the process for modifying virtual resources in the Fujitsu Global Cloud Platform (FGCP) Figure 1 My Portal
Fujitsu Global Cloud Platform This guide describes the process for modifying virtual resources in the Fujitsu Global Cloud Platform (FGCP) Before you start 1. Select My Portal from the Start-Up Menu 2.
More information